Vulnerabilities > CVE-2024-56356 - XXE vulnerability in Jetbrains Teamcity

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jetbrains

CWE-611

NVD

Published: 2024-12-20

Updated: 2025-01-02

Summary

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Teamcity - Jetbrains Teamcity 2.0 Jetbrains Teamcity 2.1 Jetbrains Teamcity 3.0 Jetbrains Teamcity 3.1 Jetbrains Teamcity 4.0 Jetbrains Teamcity 4.0.1 Jetbrains Teamcity 4.0.2 Jetbrains Teamcity 4.5 Jetbrains Teamcity 5.0 Jetbrains Teamcity 5.1 Jetbrains Teamcity 6.0 Jetbrains Teamcity 6.5 Jetbrains Teamcity 7.0 Jetbrains Teamcity 7.1 Jetbrains Teamcity 8.0 Jetbrains Teamcity 8.0.1 Jetbrains Teamcity 8.0.2 Jetbrains Teamcity 8.0.3 Jetbrains Teamcity 8.0.4 Jetbrains Teamcity 8.0.5 Jetbrains Teamcity 8.0.6 Jetbrains Teamcity 8.1 Jetbrains Teamcity 8.1.1 Jetbrains Teamcity 8.1.2 Jetbrains Teamcity 8.1.3 Jetbrains Teamcity 8.1.4 Jetbrains Teamcity 8.1.5 Jetbrains Teamcity 9.0 Jetbrains Teamcity 9.0.1 Jetbrains Teamcity 9.0.2 Jetbrains Teamcity 9.0.3 Jetbrains Teamcity 9.0.4 Jetbrains Teamcity 9.0.5 Jetbrains Teamcity 9.1 Jetbrains Teamcity 9.1.1 Jetbrains Teamcity 9.1.2 Jetbrains Teamcity 9.1.3 Jetbrains Teamcity 9.1.4 Jetbrains Teamcity 9.1.5 Jetbrains Teamcity 9.1.6 Jetbrains Teamcity 9.1.7 Jetbrains Teamcity 10.0 Jetbrains Teamcity 10.0.1 Jetbrains Teamcity 10.0.2 Jetbrains Teamcity 10.0.3 Jetbrains Teamcity 10.0.4 Jetbrains Teamcity 10.0.5 Jetbrains Teamcity 2017.1 Jetbrains Teamcity 2017.1.1 Jetbrains Teamcity 2017.1.2 Jetbrains Teamcity 2017.1.3 Jetbrains Teamcity 2017.1.4 Jetbrains Teamcity 2017.1.5 Jetbrains Teamcity 2017.2 Jetbrains Teamcity 2017.2.1 Jetbrains Teamcity 2017.2.2 Jetbrains Teamcity 2017.2.3 Jetbrains Teamcity 2017.2.4 Jetbrains Teamcity 2018.1 Jetbrains Teamcity 2018.1.1 Jetbrains Teamcity 2018.1.2 Jetbrains Teamcity 2018.1.3 Jetbrains Teamcity 2018.1.4 Jetbrains Teamcity 2018.1.5 Jetbrains Teamcity 2018.2 Jetbrains Teamcity 2018.2.1 Jetbrains Teamcity 2018.2.2 Jetbrains Teamcity 2018.2.3 Jetbrains Teamcity 2018.2.4 Jetbrains Teamcity 2018.2.5 Jetbrains Teamcity 2019.1 Jetbrains Teamcity 2019.1.1 Jetbrains Teamcity 2019.1.2 Jetbrains Teamcity 2019.1.3 Jetbrains Teamcity 2019.1.4 Jetbrains Teamcity 2019.1.5 Jetbrains Teamcity 2019.2.0 Jetbrains Teamcity 2019.2.1 Jetbrains Teamcity 2019.2.2 Jetbrains Teamcity 2019.2.3 Jetbrains Teamcity 2020.1 Jetbrains Teamcity 2020.1.1 Jetbrains Teamcity 2020.1.2 Jetbrains Teamcity 2020.1.3 Jetbrains Teamcity 2020.1.4 Jetbrains Teamcity 2020.1.5 Jetbrains Teamcity 2020.2 Jetbrains Teamcity 2020.2.1 Jetbrains Teamcity 2020.2.2 Jetbrains Teamcity 2020.2.3 Jetbrains Teamcity 2020.2.85695 Jetbrains Teamcity 2021.2 Jetbrains Teamcity 2022.04 Jetbrains Teamcity 2022.04.1 Jetbrains Teamcity 2022.04.2 Jetbrains Teamcity 2022.04.3 Jetbrains Teamcity 2022.04.4 Jetbrains Teamcity 2022.04.5 Jetbrains Teamcity 2022.04.6 Jetbrains Teamcity 2022.04.7 Jetbrains Teamcity 2022.10 Jetbrains Teamcity 2022.10.1 Jetbrains Teamcity 2022.10.2 Jetbrains Teamcity 2022.10.3 Jetbrains Teamcity 2022.10.4 Jetbrains Teamcity 2022.10.5 Jetbrains Teamcity 2022.10.6 Jetbrains Teamcity 2023.05 Jetbrains Teamcity 2023.05.1 Jetbrains Teamcity 2023.05.2 Jetbrains Teamcity 2023.05.3 Jetbrains Teamcity 2023.05.4 Jetbrains Teamcity 2023.05.5 Jetbrains Teamcity 2023.05.6 Jetbrains Teamcity 2023.11 Jetbrains Teamcity 2023.11.1 Jetbrains Teamcity 2023.11.2 Jetbrains Teamcity 2023.11.3 Jetbrains Teamcity 2023.11.4 Jetbrains Teamcity 2023.11.5 Jetbrains Teamcity 2024.03 Jetbrains Teamcity 2024.03.1 Jetbrains Teamcity 2024.03.2 Jetbrains Teamcity 2024.03.3 Jetbrains Teamcity 2024.07 Jetbrains Teamcity 2024.07.1 Jetbrains Teamcity 2024.07.2 Jetbrains Teamcity 2024.07.3	132

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.jetbrains.com/privacy-security/issues-fixed/